On 25th May 2018 the General Data Protection Regulation (GDPR) came into effect across Europe. Edgewood Primary School, as a data controller and processor, holds information about your child and the people listed as contacts for your child. With the new regulation we need you to check your data and ensure you sign to say that we have permission to hold it. As a school we have a legal right to hold information about you and your child, but we would rather gain your consent.
Our GDPR policy is on our website (see link in sub-menu) along with a list of companies that hold information (e.g. our MIS system and assessment systems etc.) below. If you would like any more information about what information companies we use hold and what they and we do with that information please contact the DPO.
If you would like more general information about GDPR then you can access it on the Information Commissioner’s Office’s website.
As a school we prefer to request consent wherever possible and be as specific as possible with that consent. As such we request that any consent to hold your information needs to be for each child you have at Edgewood Primary School – consents are not transferable to different children. We also as that we have the signed consent of each contact to hold their information, you cannot sign for another contact.
Without this consent, we will not hold the information of anyone who isn’t a parent as defined by Section 576 of the Education Act (1996). This refers to the natural parents of a child, whether married or not; anyone who has parental responsibility for a child; and any person, who although not a natural parent, has care of a child.
Our school uses the following data processors:
Nottinghamshire County Council
Early Excellence (EExBA)
Fischer Family Trust Aspire
As well as school staff, Next Level Sports and Atom IT have access to Scholarpack to preform their duties within school.
We have recieved statements of compliance from these users / processors to satisfy that they are treating the data appropriately.
All school staff have recieved training on GDPR and ensuring data is treated appropriately. This will be updated annually or more regularly if data breaches are identified.
Ed Seeley (Headteacher) is the responsible person and Katherine Campsall is the DPO (email@example.com).
We are registered with the Information Commisioner as a data controller and data processor.